What best practices should be followed when sending emails through a contact form in PHP?

When sending emails through a contact form in PHP, it is important to validate user input to prevent injection attacks and ensure data integrity. Additionally, always sanitize user input to prevent cross-site scripting attacks. Use a secure email library to send emails, such as PHPMailer, to prevent email header injection vulnerabilities.

// Example code snippet using PHPMailer to send emails securely

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require &#039;vendor/autoload.php&#039;;

// Create a new PHPMailer instance
$mail = new PHPMailer(true);

try {
    // Server settings
    $mail-&gt;isSMTP();
    $mail-&gt;Host = &#039;smtp.example.com&#039;;
    $mail-&gt;SMTPAuth = true;
    $mail-&gt;Username = &#039;your@example.com&#039;;
    $mail-&gt;Password = &#039;yourpassword&#039;;
    $mail-&gt;SMTPSecure = &#039;tls&#039;;
    $mail-&gt;Port = 587;

    // Recipient
    $mail-&gt;setFrom(&#039;from@example.com&#039;, &#039;Your Name&#039;);
    $mail-&gt;addAddress(&#039;recipient@example.com&#039;, &#039;Recipient Name&#039;);

    // Content
    $mail-&gt;isHTML(true);
    $mail-&gt;Subject = &#039;Subject&#039;;
    $mail-&gt;Body = &#039;Email body content&#039;;

    // Send the email
    $mail-&gt;send();
    echo &#039;Email sent successfully&#039;;
} catch (Exception $e) {
    echo &#039;Email could not be sent. Mailer Error: &#039; . $mail-&gt;ErrorInfo;
}

Keywords

PHP email contact form validation SMTP

What best practices should be followed when sending emails through a contact form in PHP?

Keywords

Related Questions